I just tried to make a credit card payment at a merchants website that was using 2Checkout as the payment processor. The process on first glance looked like any other checkout process on the Internet. I first had to enter my personal information, and then on a second page my credit card number, verification code and expiration date. Instead of redirecting me to a final page with my order details, I was redirected to an intermediary page that was asking me to create a MasterCard SecureCode. MasterCard was the credit card company that I used to pay the merchant.
This never happened to me before and I suspected foul play for a short period of time. The screen asked me to enter my birthday and the last four digits of the associated bank account. To make matters worse, the setup returned an error and I could not complete the transaction.
I then decided to do some research on MasterCard SecureCode to find out what it was all about, and to monitor my credit card statement more closely in the coming weeks.
MasterCard SecureCode is explained on the MasterCard website. It is a private code to make online transactions more secure. The code is entered during transactions as a secondary means of authorization. Unlike the credit card number, expiration date and verification code, it is not submitted to the merchant, but to MasterCard directly.
It looks like a two-factor authentication on first glance. When you look closer though, you will notice that merchants benefit way more from it than credit card owners. Why? If someone steals your credit card information, they can still use the card in places and locations that do not support the SecureCode.
Merchants on the other hand that have implemented SecureCode as part of their checkout process, know that the actual owner of the credit card is making that transaction. That is, unless the thief managed to steal the MasterCard SecureCode as well from the user.
Credit card owners know on the other hand can be sure that a merchant is legit if SecureCode is supported. That’s the only benefit they have.
MasterCard owners can sign up for a Securecode at the MasterCard website, or during the checkout process (which did not work for me).
Have you encountered MasterCard SecureCode yet on an online shipping tour?
Enjoyed the article?: Then sign-up for our free newsletter or RSS feed to kick off your day with the latest technology news and tips, or share the article with your friends and contacts on Facebook or Twitter.Related Articles:
My Bank, Mastercard And My Annual Hosting InvoiceVisa, MasterCard Plan to link Credit Card Purchases And Online Marketing
Need To Enter A Valid Credit Card? Try This
How Stolen Credit Cards are sold
Google Unveils eWallet
The advantage of 3d Secure (VISA) / SecureCode (Mastercard) is less fraud. Card fraud is a cost both to the client (when a card number is stolen) and the merchant (when a service has been provided and the later turns out to be fraudulent). No individual merchant can verify card ownership with the same strength as 3d Secure / SecureCode, so without these systems the cost of card fraud gets passed on to legitimate clients.
Card fraud remains a problem if a card is stolen as Secure Code is not used everywhere. So owners do not gain anything by that. And I highly doubt it that credit card companies will reduce the fees or the fee increases just because of the success of their new security system. As I said, it is great for merchants and the company, but that is it.
You are correct that the main benefit of 3D Secure / SecureCode is to the merchant, however it does provide an extra level of security to the client (ie. a scam site would not have SecureCode for sure) and certain business sectors have levels of fraud so high they wouldn’t be able to operate without SecureCode eg. Online gambling. Less fraud will eventually result in lower card fees, however the saving I am talking about is that that results from less chargebacks ie. costs to the merchant due to fraudulent transactions that eventually get passed back to clients to be recouped in the form of higher markups.
Implementing 3D Secure / SecureCode is actually not that difficult for the merchant – there are various companies that provide middleware for this function – and as the technology becomes more widespread the benefits to the client will become more apparent.
(and thanks for commenting on my comment)
The first (and only) time I came across SecureCode it raised doubts in my mind about the validity of it as I had never heard of it before.
I cancelled the transaction as I was not prepared to supply the requested information without finding out more.
I contacted my credit card supplier and they explained what it was about but I came to the conclusion that it was just one more thing that needed to be remembered and until it becomes more widely, if not universally used I shall avoid it.
As I said at the beginning I have never found myself in that situation again which I think speaks volumes for how little the scheme is currently used.
The original transaction? I bought the product but from another site and if I should find myself in that situation again I would simply look elsewhere.
I am all for increased security in such dealings but with the limited number of companies that have so far adopted this method it seems to me to be a waste of time at the moment.
If there is a genuine desire for increased security by the credit card companies this seems to be a very half-hearted way of going about it.
I ran across this on occasions and I always by-pass it. Transaction still works. I’m not about to key in any more personal info than necessary on a website that I’m not sure if it’s a cross-script hack or not.
Interesting read-
-http://en.wikipedia.org/wiki/3-D_Secure#Criticism
Agree, thanks for the link.
Can someone tell me if the securecode is the same as the password you use when you register a card? I’m 100% sure that the number I enter when asked for the securecode is the password I used when registering, but I continiously get an ‘invalid code’ response ……